#Business Logic Flaw
7 postsBugForge - Daily - Cheesy Does It (Feb 2, 2026)
A business logic flaw in the tip functionality of the Cheesy Does It pizza ordering application allows users to submit negative tip percentages during the…
BugForge - Daily - Cheesy Does It (Jan 26, 2026)
A business logic flaw in the refund endpoint allows arbitrary refund amounts without validation against actual order values. The API endpoint and payload…
BugForge - Daily - Cheesy Does It (Jan 19, 2026)
This vulnerability is a business logic flaw in the checkout process where the backend accepts client-supplied discount data without enforcing strict validation…
BugForge - Weekly - Galxy Dash
This walkthrough highlights a multi-tenant business logic flaw where type confusion in a team management API allows tenant isolation to be bypassed. After…
BugForge - Daily - Cheesy Does it
After creating an account and placing a normal pizza order, the checkout request was intercepted to analyze how pricing data is handled by the backend. The…
BugForge - Daily - Cafe Club (Jan 4, 2026)
This challenge exploits a business logic vulnerability in the checkout process where the server fails to validate the points_to_use parameter against the…
BugForge - Daily - Cafe Club (Dec 28, 2025)
This vulnerability is a business logic flaw involving predictable identifiers and brute force, where gift card codes are generated with insufficient entropy…